Re: [Freeipa-devel] Storing/Looking up the creation time of a type

2014-07-23 Thread James
On Thu, 2014-07-24 at 08:40 +0300, Alexander Bokovoy wrote: > On Thu, 24 Jul 2014, James wrote: > >Hi devel, > > > >It would be particularly useful if each FreeIPA entry (eg: user, host, > >service, etc...) had creation and last modified timestamps. Do these > >fields already exist, and if they do,

Re: [Freeipa-devel] Storing/Looking up the creation time of a type

2014-07-23 Thread Alexander Bokovoy
On Thu, 24 Jul 2014, James wrote: Hi devel, It would be particularly useful if each FreeIPA entry (eg: user, host, service, etc...) had creation and last modified timestamps. Do these fields already exist, and if they do, how can I access them? If they do not, I would like to propose these as a

[Freeipa-devel] Storing/Looking up the creation time of a type

2014-07-23 Thread James
Hi devel, It would be particularly useful if each FreeIPA entry (eg: user, host, service, etc...) had creation and last modified timestamps. Do these fields already exist, and if they do, how can I access them? If they do not, I would like to propose these as a feature request. One use case for

[Freeipa-devel] [PATCH 0026][DOC] Type in sudocmd in documentation

2014-07-23 Thread Gabe Alford
Hello, Fix for https://fedorahosted.org/freeipa/ticket/4451 Thanks, Gabe From e995aa908933b31509ce02ba6a57fc20fa4fc245 Mon Sep 17 00:00:00 2001 From: Gabe Date: Wed, 23 Jul 2014 16:19:18 -0600 Subject: [PATCH] Typo in upstream documentation - Fix typo with --sudocmds option https://fedorahost

Re: [Freeipa-devel] [PATCH] ipa trust-add command should be interactive

2014-07-23 Thread Gabe Alford
Nope. Somehow in my head it felt cleaner. Updated patch attached. On Wed, Jul 23, 2014 at 1:18 AM, Jan Cholasta wrote: > On 23.7.2014 01:01, Gabe Alford wrote: > >> Forgot about --trust-secret. Here is an updated patch. >> >> >> On Mon, Jul 21, 2014 at 2:31 AM, Jan Cholasta >

Re: [Freeipa-devel] [PATCH] 479 Do not require dogtag-pki-server-theme

2014-07-23 Thread Alexander Bokovoy
On Wed, 23 Jul 2014, Martin Kosek wrote: On 07/23/2014 05:21 PM, Alexander Bokovoy wrote: On Wed, 23 Jul 2014, Martin Kosek wrote: On 07/23/2014 05:07 PM, Alexander Bokovoy wrote: On Wed, 23 Jul 2014, Martin Kosek wrote: Theme package contains resources for PKI web interface. This interfac

Re: [Freeipa-devel] [PATCH] 479 Do not require dogtag-pki-server-theme

2014-07-23 Thread Martin Kosek
On 07/23/2014 05:21 PM, Alexander Bokovoy wrote: > On Wed, 23 Jul 2014, Martin Kosek wrote: >> On 07/23/2014 05:07 PM, Alexander Bokovoy wrote: >>> On Wed, 23 Jul 2014, Martin Kosek wrote: Theme package contains resources for PKI web interface. This interface is not needed by FreeIPA a

Re: [Freeipa-devel] [PATCH] 479 Do not require dogtag-pki-server-theme

2014-07-23 Thread Alexander Bokovoy
On Wed, 23 Jul 2014, Martin Kosek wrote: On 07/23/2014 05:07 PM, Alexander Bokovoy wrote: On Wed, 23 Jul 2014, Martin Kosek wrote: Theme package contains resources for PKI web interface. This interface is not needed by FreeIPA as it rather utilizes its API. As recommended in https://bugzill

Re: [Freeipa-devel] [PATCH] 479 Do not require dogtag-pki-server-theme

2014-07-23 Thread Martin Kosek
On 07/23/2014 05:07 PM, Alexander Bokovoy wrote: > On Wed, 23 Jul 2014, Martin Kosek wrote: >> Theme package contains resources for PKI web interface. This interface >> is not needed by FreeIPA as it rather utilizes its API. As recommended in >> https://bugzilla.redhat.com/show_bug.cgi?id=10680

Re: [Freeipa-devel] [PATCH] 479 Do not require dogtag-pki-server-theme

2014-07-23 Thread Alexander Bokovoy
On Wed, 23 Jul 2014, Martin Kosek wrote: Theme package contains resources for PKI web interface. This interface is not needed by FreeIPA as it rather utilizes its API. As recommended in https://bugzilla.redhat.com/show_bug.cgi?id=1068029#c5, remove this hard dependency. I've seen several tim

Re: [Freeipa-devel] [PATCH] 0005 Verify otptoken timespan is valid

2014-07-23 Thread Jan Cholasta
Hi, On 23.7.2014 15:46, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/4244 1) Use "isinstance(X, Y)" instead of "type(X) is Y". 2) When is "type(not_before) is str" or "type(not_after) is str" true? The values coming from command options or LDAP should always be datetime, never

[Freeipa-devel] [PATCH] 715 webui: add bounce url to reset_password.html

2014-07-23 Thread Petr Vobornik
reset_password.html now redirects browser to URL specified in 'redirect' uri component (if present). The component has to be URI encoded. ie (in browser console): $ encodeURIComponent('http://pvoborni.fedorapeople.org/doc/#!/guide/Debugging') --> "http%3A%2F%2Fpvoborni.fedorapeople.org%2Fdoc%

Re: [Freeipa-devel] [PATCH] 0105 FIX: LDAP_updater

2014-07-23 Thread Martin Basti
On 23/07/14 15:30, Rob Crittenden wrote: Martin Basti wrote: This patch fixes ordering problem of schema updates Martin should it be in IPA 4.0.x ? It requires rebased ldap_python (will be in Fedora 21) Patch attached It looks like the modlist is only generated during a live run which would d

[Freeipa-devel] [PATCH] 479 Do not require dogtag-pki-server-theme

2014-07-23 Thread Martin Kosek
Theme package contains resources for PKI web interface. This interface is not needed by FreeIPA as it rather utilizes its API. As recommended in https://bugzilla.redhat.com/show_bug.cgi?id=1068029#c5, remove this hard dependency. -- Martin Kosek Supervisor, Software Engineering - Identity Ma

Re: [Freeipa-devel] [PATCH] 0006 Fix group-remove-member crash when group is removed from a protected group

2014-07-23 Thread David Kupka
On 07/23/2014 04:15 PM, Martin Kosek wrote: On 07/23/2014 04:08 PM, David Kupka wrote: https://fedorahosted.org/freeipa/ticket/4448 Alternatively, we could also update the "if" condition to avoid running this section at all when options['user'] does not exist or is empty. This would save us at

Re: [Freeipa-devel] [PATCH] 0006 Fix group-remove-member crash when group is removed from a protected group

2014-07-23 Thread Rob Crittenden
Martin Kosek wrote: > On 07/23/2014 04:08 PM, David Kupka wrote: >> https://fedorahosted.org/freeipa/ticket/4448 > > Alternatively, we could also update the "if" condition to avoid running this > section at all when options['user'] does not exist or is empty. This would > save > us at least from

Re: [Freeipa-devel] [PATCH] 0006 Fix group-remove-member crash when group is removed from a protected group

2014-07-23 Thread Martin Kosek
On 07/23/2014 04:08 PM, David Kupka wrote: > https://fedorahosted.org/freeipa/ticket/4448 Alternatively, we could also update the "if" condition to avoid running this section at all when options['user'] does not exist or is empty. This would save us at least from api.Command.group_show call. Mart

[Freeipa-devel] [PATCH] 0006 Fix group-remove-member crash when group is removed from a protected group

2014-07-23 Thread David Kupka
https://fedorahosted.org/freeipa/ticket/4448 -- David Kupka From 306fd94ae35f153bd7eabf80217219ec25b2189b Mon Sep 17 00:00:00 2001 From: David Kupka Date: Wed, 23 Jul 2014 16:02:17 +0200 Subject: [PATCH] Fix group-remove-member crash when group is removed from a protected group https://fedoraho

[Freeipa-devel] [PATCH] 0005 Verify otptoken timespan is valid

2014-07-23 Thread David Kupka
https://fedorahosted.org/freeipa/ticket/4244 -- David Kupka From 513fd9b6cf7502ed08e31318dd9425bc12392720 Mon Sep 17 00:00:00 2001 From: David Kupka Date: Wed, 23 Jul 2014 15:32:18 +0200 Subject: [PATCH] Verify otptoken timespan is valid When creating or modifying otptoken check that token valid

Re: [Freeipa-devel] [PATCH] 0105 FIX: LDAP_updater

2014-07-23 Thread Martin Kosek
On 07/23/2014 03:17 PM, Martin Basti wrote: > This patch fixes ordering problem of schema updates > > Martin should it be in IPA 4.0.x ? It requires rebased ldap_python (will be in > Fedora 21) > > Patch attached If current LDAP updater does not fail or crash on 4.0.x, I would personally leave t

Re: [Freeipa-devel] Reasons for not using certmonger DBus API

2014-07-23 Thread Nalin Dahyabhai
On Wed, Jul 23, 2014 at 10:12:39AM +0200, Martin Kosek wrote: > Certmonger API looked complete enough to pull this off: > https://git.fedorahosted.org/cgit/certmonger.git/tree/doc/api.txt > > If I am wrong, please tell me. No, it's meant to be complete -- the getcert command only uses the APIs to

Re: [Freeipa-devel] Reasons for not using certmonger DBus API

2014-07-23 Thread Nalin Dahyabhai
On Wed, Jul 23, 2014 at 11:32:52AM +0300, Alexander Bokovoy wrote: > Were there DBus Python bindings available in RHEL 5/6 at the time when the > code was written? Yes, but the API itself wasn't all there, and large parts of the internals needed to be rewritten around its 0.53 release. Before the

Re: [Freeipa-devel] [PATCH] 0105 FIX: LDAP_updater

2014-07-23 Thread Rob Crittenden
Martin Basti wrote: > This patch fixes ordering problem of schema updates > > Martin should it be in IPA 4.0.x ? It requires rebased ldap_python (will > be in Fedora 21) > > Patch attached It looks like the modlist is only generated during a live run which would diminish the utility of the --tes

[Freeipa-devel] [PATCH] 713-714 webui: replace action_buttons with action_widget

2014-07-23 Thread Petr Vobornik
[PATCH] 713 webui: replace action_buttons with action_widget Simplify code base by reuse of 'disable' feature of button_widget. All occurrences of action-button which were disabled/enabled were replaced by button-widget. https://fedorahosted.org/freeipa/ticket/4258 [PATCH] 714 webui: remove rem

[Freeipa-devel] [PATCH] 712 webui: detach facet nodes

2014-07-23 Thread Petr Vobornik
Detach/attach facet nodes when switching facets instead of hiding/showing. Keeps dom-tree more simple. This patch is not really needed. I implemented it while testing something in IE. But it might have positive effect for poorly written parts of Web UI (if there are any :) ) or plugins. Basica

Re: [Freeipa-devel] Reasons for not using certmonger DBus API

2014-07-23 Thread Rob Crittenden
Jan Cholasta wrote: > On 23.7.2014 12:23, Martin Kosek wrote: >> On 07/23/2014 10:49 AM, Jan Cholasta wrote: >>> On 23.7.2014 10:38, Martin Kosek wrote: On 07/23/2014 10:33 AM, Jan Cholasta wrote: > On 23.7.2014 10:12, Martin Kosek wrote: >> On 07/23/2014 09:56 AM, David Kupka wrote: >

[Freeipa-devel] [PATCH] 0105 FIX: LDAP_updater

2014-07-23 Thread Martin Basti
This patch fixes ordering problem of schema updates Martin should it be in IPA 4.0.x ? It requires rebased ldap_python (will be in Fedora 21) Patch attached -- Martin Basti From 25aaa9872bbc725648c066f1d253f64c5f84ffc1 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 23 Jul 2014 14:42

[Freeipa-devel] [PATCH] 711 webui: internet explorer fixes

2014-07-23 Thread Petr Vobornik
Fixed: 1. IE doesn't support value 'initial' in CSS rule. 2. setting innerHTML='' also destroys content of child nodes in LoginScreen in IE -> reattached buttons have no text. Should go into 4.0 Milestone -- Petr Vobornik From 0a845165a86833a8471bd534c75b0f8baa018162 Mon Sep 17 00:00:00 2001 From

[Freeipa-devel] [PATCH] 710 webui: review pending operation after expired session

2014-07-23 Thread Petr Vobornik
Disable automatic re-execution of command after pending authentication. It's possible to enable it again globally by 'freeipa/config':`rpc_retry_auth`. https://fedorahosted.org/freeipa/ticket/4374 # Additional info: This ticket is in 4.0 stabilization milestone. I don't think it's the best fit

Re: [Freeipa-devel] [PATCH 0245] baseldap: Remove redundant search from LDAPAddReverseMember

2014-07-23 Thread Martin Kosek
On 07/23/2014 03:03 PM, Jan Cholasta wrote: > On 23.7.2014 14:40, Tomas Babej wrote: >> Hi, >> >> when poking in the depths of the baseldap, I found this seemingly >> redundant search. > > ACK. For the record, before commit f1f1b4e the result was used for > wait_for_memberof. Pushed to master, ip

[Freeipa-devel] [PATCHES] 0102-0103 DNS upgrade: add missing tests if DNS is installed

2014-07-23 Thread Martin Basti
This should be applied in 4.0.x, 4.1, master Patches attached -- Martin Basti From 89e7dd87c1fad90084cb8fab38e985f95de8347e Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Mon, 21 Jul 2014 16:54:12 +0200 Subject: [PATCH 1/2] Fix DNS upgrade plugin should check if DNS container exists Fortu

Re: [Freeipa-devel] [PATCH 0245] baseldap: Remove redundant search from LDAPAddReverseMember

2014-07-23 Thread Jan Cholasta
On 23.7.2014 14:40, Tomas Babej wrote: Hi, when poking in the depths of the baseldap, I found this seemingly redundant search. ACK. For the record, before commit f1f1b4e the result was used for wait_for_memberof. BTW, I think this bit: # Ensure our target exists result = se

[Freeipa-devel] [PATCH 0245] baseldap: Remove redundant search from LDAPAddReverseMember

2014-07-23 Thread Tomas Babej
Hi, when poking in the depths of the baseldap, I found this seemingly redundant search. -- Tomas Babej Associate Software Engineer | Red Hat | Identity Management RHCE | Brno Site | IRC: tbabej | freeipa.org From 24773eaded8f0216f24f4e3b1250f8633484f9c7 Mon Sep 17 00:00:00 2001 From: Tomas B

[Freeipa-devel] [PATCH 0277] Bump NVR to 5.1

2014-07-23 Thread Petr Spacek
Hello, Bump NVR to 5.1. -- Petr^2 Spacek From 1ac2fd5e1d7e5ad742739b4ec5d2c326dcc0f184 Mon Sep 17 00:00:00 2001 From: Petr Spacek Date: Wed, 23 Jul 2014 14:27:33 +0200 Subject: [PATCH] Bump NVR to 5.1. Signed-off-by: Petr Spacek --- configure.ac | 2 +- contrib/bind-dyndb-lda

[Freeipa-devel] [PATCH 0276] Fix crash during reconnection to LDAP

2014-07-23 Thread Petr Spacek
Hello, Fix crash during reconnection to LDAP. -- Petr^2 Spacek From fb979d2f07be16f8cf441d393612504235ab26d8 Mon Sep 17 00:00:00 2001 From: Petr Spacek Date: Wed, 23 Jul 2014 14:18:41 +0200 Subject: [PATCH] Fix crash during reconnection to LDAP. Signed-off-by: Petr Spacek --- NEWS

[Freeipa-devel] [PATCH 0275] Add TLSARecord to idnsRecord object class

2014-07-23 Thread Petr Spacek
Hello, Add TLSARecord to idnsRecord object class. -- Petr^2 Spacek From 2d358ccbc323ea6d4339f22b16d419195054e017 Mon Sep 17 00:00:00 2001 From: Petr Spacek Date: Fri, 27 Jun 2014 09:33:05 +0200 Subject: [PATCH] Add TLSARecord to idnsRecord object class. Signed-off-by: Petr Spacek --- doc/sch

[Freeipa-devel] [PATCH] 478 Allow hashed passwords in DS

2014-07-23 Thread Martin Kosek
See related thread "#4450: how to allow password migration?" for more information. --- Without nsslapd-allow-hashed-passwords being turned on, user password migration fails. https://fedorahosted.org/freeipa/ticket/4450 -- Martin Kosek Supervisor, Software Engineering - Identity Management Tea

Re: [Freeipa-devel] Reasons for not using certmonger DBus API

2014-07-23 Thread Jan Cholasta
On 23.7.2014 12:23, Martin Kosek wrote: On 07/23/2014 10:49 AM, Jan Cholasta wrote: On 23.7.2014 10:38, Martin Kosek wrote: On 07/23/2014 10:33 AM, Jan Cholasta wrote: On 23.7.2014 10:12, Martin Kosek wrote: On 07/23/2014 09:56 AM, David Kupka wrote: While solving ticket #4280 I noticed that

Re: [Freeipa-devel] Reasons for not using certmonger DBus API

2014-07-23 Thread Martin Kosek
On 07/23/2014 10:49 AM, Jan Cholasta wrote: > On 23.7.2014 10:38, Martin Kosek wrote: >> On 07/23/2014 10:33 AM, Jan Cholasta wrote: >>> On 23.7.2014 10:12, Martin Kosek wrote: On 07/23/2014 09:56 AM, David Kupka wrote: > While solving ticket #4280 I noticed that we are messing with certmo

[Freeipa-devel] Ipsilon vs. FedOAuth

2014-07-23 Thread Petr Spacek
Hello list, I have noticed that Fedora is heavily using project FedOAuth: Federated Open Authentication "FedOAuth is a provider for federated authentication mechanisms with a modular authentication backend." It sounds somewhat similar to our Ipsilon project and it is also written in Python.

Re: [Freeipa-devel] Reasons for not using certmonger DBus API

2014-07-23 Thread Jan Cholasta
On 23.7.2014 10:38, Martin Kosek wrote: On 07/23/2014 10:33 AM, Jan Cholasta wrote: On 23.7.2014 10:12, Martin Kosek wrote: On 07/23/2014 09:56 AM, David Kupka wrote: While solving ticket #4280 I noticed that we are messing with certmonger's files right under its hands. That can lead to some u

Re: [Freeipa-devel] Reasons for not using certmonger DBus API

2014-07-23 Thread Martin Kosek
On 07/23/2014 10:33 AM, Jan Cholasta wrote: > On 23.7.2014 10:12, Martin Kosek wrote: >> On 07/23/2014 09:56 AM, David Kupka wrote: >>> While solving ticket #4280 I noticed that we are messing with certmonger's >>> files right under its hands. That can lead to some unpleasant race condition >>> iss

Re: [Freeipa-devel] Reasons for not using certmonger DBus API

2014-07-23 Thread Alexander Bokovoy
On Wed, 23 Jul 2014, Martin Kosek wrote: On 07/23/2014 09:56 AM, David Kupka wrote: While solving ticket #4280 I noticed that we are messing with certmonger's files right under its hands. That can lead to some unpleasant race condition issues. Is there any reason why not to call certmonger via D

Re: [Freeipa-devel] Reasons for not using certmonger DBus API

2014-07-23 Thread Jan Cholasta
On 23.7.2014 10:12, Martin Kosek wrote: On 07/23/2014 09:56 AM, David Kupka wrote: While solving ticket #4280 I noticed that we are messing with certmonger's files right under its hands. That can lead to some unpleasant race condition issues. Is there any reason why not to call certmonger via DB

Re: [Freeipa-devel] Reasons for not using certmonger DBus API

2014-07-23 Thread Martin Kosek
On 07/23/2014 09:56 AM, David Kupka wrote: > While solving ticket #4280 I noticed that we are messing with certmonger's > files right under its hands. That can lead to some unpleasant race condition > issues. > Is there any reason why not to call certmonger via DBus and ask it to stop > tracking th

[Freeipa-devel] Reasons for not using certmonger DBus API

2014-07-23 Thread David Kupka
While solving ticket #4280 I noticed that we are messing with certmonger's files right under its hands. That can lead to some unpleasant race condition issues. Is there any reason why not to call certmonger via DBus and ask it to stop tracking the requests? -- David Kupka

Re: [Freeipa-devel] [PATCH] ipa trust-add command should be interactive

2014-07-23 Thread Jan Cholasta
On 23.7.2014 01:01, Gabe Alford wrote: Forgot about --trust-secret. Here is an updated patch. On Mon, Jul 21, 2014 at 2:31 AM, Jan Cholasta wrote: On 21.7.2014 10:28, Martin Kosek wrote: On 07/21/2014 09:56 AM, Jan Cholasta wrote: Hi,